
"Web application mass exploitation is the biggest bang for buck for criminals since Windows 95," Starkey said at the Media Connect Kickstart conference. But while Windows 95 was largely exploited by "script kiddies," Starkey says criminals are now targeting web applications because they offer an easier route to reward than attacks on individual PCs, which he said are "very noisy and generates a lot of heat."

Infiltrating a web application, he said, is easy thanks to the proliferation of commercial infection tools that he described as "very easy to get hold of, extraordinarily powerful and very easy to use."

The result of this trend is that "the old advice of do not visit untrusted websites is obsolete," as any website can be compromised.

"Facebook and MySpace make this very easy because you can find out a lot about what will gain a target's interest before you even attack," he said, dubbing this new behaviour "spear phishing" or "selective malicious code" attacks.

Another technology Starkey said AusCERT feels will draw an increase in attacks is virtualisation, as virtualised servers represent a potentially richer target than a single server.

"Virtualisation can enable a significantly greater degree of compromise compared to a single server," he said.

Starkey said that another area of concern is content management systems. He cited popular blogging platform WordPress, which can be downloaded and hosted by its users, as one technology that is increasingly being exploited along with other PHP-based CMSes.